2 More Companies Reveal Data Thefts

Two new instances of data theft were revealed this week, including one at Seisint, a competitor of ChoicePoint, which has been at the center of identity theft and data security in recent weeks.

Information on 32,000 individuals from Seisint's database apparently was accessed through misappropriation of legitimate customer identifications and passwords, the company said yesterday. Seisint provides background check data to businesses, government and law enforcement.

LexisNexis, a division of Reed Elsevier Group, acquired Seisint in September for $775 million. Reed Elsevier Group is owned by Reed Elsevier PLC and Reed Elsevier NV. Reed Elsevier's main offices are in New York, London and Amsterdam. Seisint is based in Boca Raton, FL.

According to Reed Elsevier, the information accessed includes names, addresses, Social Security numbers and driver's license numbers. LexisNexis said it will notify the consumers involved and provide them with credit monitoring. The company has begun enhancing security and is working with law enforcement on the breach and preventing future incidents.

In addition, Retail Ventures Inc. said March 8 that consumer data were stolen from a part of its DSW Shoe Warehouse subsidiary. The theft was discovered late last week. Though it did not provide the number of consumers affected, the Columbus, OH, retailer said 103 of its 175 U.S. stores were involved and that the time period of the theft was during the past three months. Types of data stolen included credit card information and other purchase data.

DSW established a consumer help line to assist victims. The company also has contacted credit card companies and issuing banks for the cards at risk.

Meanwhile, ChoicePoint officials are still dealing with the ramifications of their data breach. On March 8, the company said it hired a chief credentialing, compliance and privacy officer, Carol A. DiBattiste. She is the deputy administrator of the U.S. Transportation Security Administration. Last week, the Alpharetta, GA, company said it exited the sale of sensitive data under some circumstances and is instituting new credentialing procedures.

ChoicePoint realized in October that some requests for names, Social Security numbers and other information it filled might have been fraudulent. Since then, the company and law enforcement have discovered nearly 50 bogus accounts posing as legitimate businesses. After an investigation, the company was cleared in late January to notify California consumers, as required by law in the state, that their information may have been accessed.

The company initially confirmed that data on 35,000 California consumers might have been accessed, but on Feb. 16 it said that another 110,000 letters would be sent nationwide involving the fraud. As of late February, 750 consumers had been confirmed as directly affected.

A U.S. Senate committee scheduled a hearing for today to discuss identity theft. The situation has sparked legislation. The first bill proposed after the breach was divulged would give consumers nationwide the same protection Californians have when their data are accessed mistakenly. The bill would require mandatory notification when sensitive data are breached. It was introduced Jan. 24 by Sen. Dianne Feinstein, D-CA.

Companion bills were introduced March 3 in the Senate and House that would create new fair information practices and require information brokers to provide consumers with individual access to personally identifiable information and the right to correct information.

Sen. Bill Nelson, D-FL, introduced the Information Protection and Security Act, which also would require the Federal Trade Commission to devise and enforce rules for data brokers regarding security and customer screening. Rep. Edward Markey, D-MA, introduced the bill in the House. Reps. Jan Schakowsky, D-IL; Bennie G. Thompson, D-MS; and Rahm Emanuel, D-IL, are co-sponsors. If the legislation is enacted, the FTC would be required to issue the new rules in six months.

Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters